Malware Technologies – Page 11

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Posted on August 10, 2022 by Pierre Delcher, Giampaolo Dedola

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Continue reading VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges→

Andariel deploys DTrack and Maui ransomware

Posted on August 9, 2022 by Kurt Baumgartner

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly. Continue reading Andariel deploys DTrack and Maui ransomware→

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Posted on July 25, 2022 by GReAT

In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. Continue reading CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit→

Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Posted on July 20, 2022 by Marc Rivero, Jornt van der Wiel, Dmitry Galov, Sergey Lozhkin

This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta. Continue reading Luna and Black Basta — new ransomware for Windows, Linux and ESXi→

The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact

Posted on June 30, 2022 by Pierre Delcher

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East. Continue reading The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact→

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

Posted on June 23, 2022 by Kaspersky

We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks. Continue reading The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs→

APT ToddyCat

Posted on June 21, 2022 by Giampaolo Dedola

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. Continue reading APT ToddyCat→

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

Posted on June 20, 2022 by Ivan Kwiatkowski, Anastasiya Kazakova, Julia Ryng, Kenddrick Chan

How is technical attribution carried out? What are the key challenges in conducting reliable technical attribution? How can this be more accessible to the multitude of stakeholders? Below are our reflections on these questions. Continue reading ‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace→

IT threat evolution Q1 2022

Posted on May 27, 2022 by David Emm

Kaspersky IT threat review in Q1 2022: activity of APTs such as MoonBounce, BlueNororff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, Okta hack and more. Continue reading IT threat evolution Q1 2022→

New ransomware trends in 2022

Posted on May 11, 2022 by GReAT

This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop. Continue reading New ransomware trends in 2022→